2.0.1 update issues

pfsparc

I've just updated this morning to 2.0.1.
All seemed fine, but after some more browsing I got more and more HAVP time-out responses.
Turning off HAVP resulted in 'unable to connects' from squid to the same websites.

Figured to reinstall the HAVP package, but this gave install failures, which stated not more than: Installation Failed.

Disabling squid, proxy filter, HAVP didn't seem to work.

So, I tried deinstalling packages, but … got failures on deinstallation.
Looking at packages to add showed there was no connection possible with pfsense.com. I should check my DNS etc..
Though I could still reach some websites.
Even new selected (long not visited) from my bookmarks, or following links from pages.

Tracerouting to my usual news page (www.nu.nl) works. Tracerouting to pfsense.com or .org results in failures.
I am not able to connect from my pfsense gateway to the pfsense servers.
It can not see if I'm on the latest version and all.

So ... thought the quickest way may be , by resetting factory defaults.. Let's start a clean sheet...
But, it remains the same.
No packages installed, but can not install any new packages, since... the pfsense gateway is not able to connect to pfsense.org nor .com.
And package manager shows cached packages, which result in installation failure.

Any help on where to look to resolve would be appreciated!

Thanks

jimp

Could be your DNS servers or something along those lines.

The pfsense.org domain DNS moved servers the other day but it works on the old and the new so it doesn't make sense that it would just plain not work for you.

Any errors in the system log?

pfsparc

Well…

I've found nothing related in the logs to be unable to reach pfsense.com.
I guess DNS looks fine.
Tried nslookup and ping. I just can't reach pfsense.com nor .org, with all sorts of unwanted results..

#
# hostname
pfSense.localdomain
#
# nslookup www.pfsense.com
Server:		127.0.0.1
Address:	127.0.0.1#53

Non-authoritative answer:
www.pfsense.com	canonical name = www.pfsense.org.
Name:	www.pfsense.org
Address: 69.64.6.21

#
#
# ping www.pfsense.com
PING www.pfsense.org (69.64.6.21): 56 data bytes
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
^C
--- www.pfsense.org ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
#
#
# ping www.pfsense.org
PING www.pfsense.org (69.64.6.21): 56 data bytes
ping: sendto: Operation not permitted
^C
--- www.pfsense.org ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
#
#
# ping www.nu.nl
PING www-nu-nl.gl.sanomaservices.nl (62.69.179.15): 56 data bytes
64 bytes from 62.69.179.15: icmp_seq=0 ttl=247 time=10.825 ms
^C
--- www-nu-nl.gl.sanomaservices.nl ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10.825/10.825/10.825/0.000 ms

What I did find in my system log, was that snort is still running.. and with grepping for snort and squid at ps aux..
Snort and Squid are still running..
I am able to get through the gateway with my desktops browsing and all the other internet services (mail, usenet etc.) but
pfsense gateway, still states there are no packages installed..

Fortunately I can reach the forum (by http)…

jimp

"ping: sendto: Operation not permitted" means something on your system is stopping the ping. If you did that at the console of the firewall, the traffic was dropped (perhaps snort blocked it for some reason?)

pfsparc

Yes, but why only pfsense.org/.com?

# ping 69.64.6.21
PING 69.64.6.21 (69.64.6.21): 56 data bytes
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted

For all others I tried , I get the usual icmp replies.

Since the pfsense gateway states no packages are installed, I have no menu option to go to snort packages/rules settings.
(Killed snort the hard way ( -9 ) and still no success..)

jimp

Not sure why, but I can ping it fine from several different places.

Do you have anything like Captive Portal on/enabled on your WAN or the interface with your default route somehow?

Check Diagnostics > Tables and look in the virusprot table as well as the snort table(s) and see if the IP shows up there.

pfsparc

Wow.

Have to look into this snort2c tables thing.
Cleared the list.. and packages seem to be available..
The address 69.64.6.21 was listed there..

But.. unfort. still not able to ping. Nor is pfsense able to check if I'm on the latest version.

Tried to install squid.. successful, but.. no menu option. reinstalled menu package.. no result..

Think I'm going to face a day spending on a clean install… :-(

jimp

If it's in the snort2c table, snort is blocking it. It must still be running or doing something to reload that table.

RonpfS

This look like the http_inspect issue : http://forum.pfsense.org/index.php/topic,41533.msg220890.html#msg220890

pfsparc

Strange things happened.
Resetting to factory defaults, does not delete all packages, although this is stated in the 'Installed packages', which was empty.

But since it indeed is the http inspection, I was not able to browse anymore, or be it very limited.

Today I did a reinstall of pfsense.. All went fine, until Snort was fired up, and the http inspection issue arose again.
Suppressing it doesn't help.
So for the time being '-1' helps, but will have to look into this more coming days.

So far, thanks all!!

johnnybe

@pfsparc:

Today I did a reinstall of pfsense.. All went fine, until Snort was fired up, and the http inspection issue arose again.
Suppressing it doesn't help.
So for the time being '-1' helps, but will have to look into this more coming days.

bdwyer says: Make sure you add your suppression list to the snort interface settings.  Change it from default to the list that has that rule.
http://forum.pfsense.org/index.php/topic,43043.msg222725.html#msg222725

It works, as you can see here as well:
http://forum.pfsense.org/index.php/topic,43606.msg225992.html#msg225992

pfsparc

@johnnybe:

@pfsparc:

Today I did a reinstall of pfsense.. All went fine, until Snort was fired up, and the http inspection issue arose again.
Suppressing it doesn't help.
So for the time being '-1' helps, but will have to look into this more coming days.

bdwyer says: Make sure you add your suppression list to the snort interface settings.  Change it from default to the list that has that rule.
http://forum.pfsense.org/index.php/topic,43043.msg222725.html#msg222725

It works, as you can see here as well:
http://forum.pfsense.org/index.php/topic,43606.msg225992.html#msg225992

Many thanks !!
As the second link gave the real hint… adding the suppression list to the snort interface.